About

Junia Valente is a Ph.D. candidate in software engineering at the Erik Jonsson School of Engineering & Computer Science at The University of Texas at Dallas, under the supervision of Dr. Alvaro Cardenas. Her research interests include Internet of Things security, cyber-physical systems security, and trusted computing.

Last summer Junia worked as an intern with the Product Security team @ Facebook and in the past she worked as an engineering intern with the server security team at Samsung Research America - Dallas.

Press coverage of my research: Forbes [article] [video] - Apr/17 • Threatpost: [article] [podcast] - May/17
US-CERT published a Note on vulnerabilities I found on quadcopter drones (CVE-2017-3209) - Apr/17

In addition to her studies, Junia has participated at hackathons with tech leaders and engineers from the Bay Area to build advocacy tools intersecting tech and politics: Text4Reform and FWDnow. Also, she is committed to efforts to increasing and retaining the participation of women in tech. Likewise, Junia is involved with the music program at UTD: currently as a flutist with the UTD Pep Band and in the past as a violist at the UTD Orchestra under the direction of the late Mr. Arkady Fomin.

She holds a M.S. degree in Computer Science with Major in Software Engineering and a B.S. degree in Software Engineering with Minor in Music from The University of Texas at Dallas.

Publications

Junia Valente and Alvaro A. Cardenas (2017). Security & Privacy in Smart Toys. In Proceedings of 1st ACM Workshop on Internet of Things Security & Privacy (IoT S&P'17) in conjunction with CCS'17, Dallas, Texas.

We analyze the security practices of three smart toys that communicate with children through voice commands. We show the general communication architecture, and some general security and privacy practices by each of the devices. Then we focus on the analysis of one particular toy, and show how attackers can decrypt communications to and from a target device, and perhaps more worryingly, the attackers can also inject audio into the toy so the children listens to any arbitrary audio file the attacker sends to the toy. This last attack raises new safety concerns that manufacturers of smart toys should prevent.

Junia Valente and Alvaro A. Cardenas (2017). Understanding Security Threats in Consumer Drones Through the Lens of the Discovery Quadcopter Family. In Proceedings of 1st ACM Workshop on Internet of Things Security & Privacy (IoT S&P'17), Dallas, Texas.

In this paper we identify new threats to drones in an effort to have a better public discussion of realistic attacks that vendors need to take into consideration when designing their products. In particular we study in detail the security of a new drone family (U818A) released in 2016, which is quickly becoming a best-selling brand, and is re-purposed and sold by a variety of drone vendors. We implemented and tested several attacks and considered privacy issues (e.g., remotely accessing someone else's drone to take video or images of a private setting), security issues (e.g., stealing a drone mid-flight), and safety issues (e.g., taking down a drone operated by someone else). We finish the paper by recommending basic steps to improve the security of drones.

Junia Valente and Alvaro A. Cardenas (2017). Remote Proofs of Video Freshness for Public Spaces. In Proceedings of 3rd ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC'17) in conjunction with CCS'17, Dallas, Texas.

We propose the use of trusted and verified social media feeds as visual challenges to increase our confidence that video footage from public spaces is fresh and authentic. Our work is related to recent advances in a growing area dealing with ways to prove physical statements to a digital (or even human) verifier, where a verifier sends a physical (real-world) challenge to the prover and the prover (usually a sensor) takes measurements of the physical property and submits the response to the verifier. Our proposal can be used to automatically verify the video feed from a (possibly untrusted) camera monitoring a public space.

David I. Urbina, Jairo Giraldo, Alvaro A. Cárdenas, Junia Valente, Mustafa Faisal, Nils Ole Tippenhauer, Justin Ruths, Richard Candell, and Henrik Sandberg (2016). Survey and New Directions for Physics-Based Attack Detection in Control Systems. National Institute of Standards and Technology, NIST GCR 16-010, Technical Report.

Monitoring the "physics" of control systems to detect attacks is a growing area of research. In its basic form a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements in order to identify potentially false control commands or false sensor readings. In this paper, we review previous work based on a unified taxonomy that allows us to identify limitations, unexplored challenges, and new solutions. In particular, we propose a new adversary model and a way to compare previous work with a new evaluation metric based on the trade-off between false alarms and the negative impact of undetected attacks. We also show the advantages and disadvantages of three experimental scenarios to test the performance of attacks and defenses: real-world network data captured from a large-scale operational facility, a fully-functional testbed that can be used operationally for water treatment, and a simulation of frequency control in the power grid.

David I. Urbina, Jairo Giraldo, Alvaro A. Cárdenas, Nils Ole Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Richard Candell, and Henrik Sandberg (2016). Limiting the Impact of Stealthy Attacks on Industrial Control Systems. In Proceedings of the ACM Conference on Computer and Communications Security (CCS'16), Vienna, Austria.

We introduce theoretical and practical contributions to the growing literature of physics-based attack detection in control systems. We explain the limitations of previous metrics and adversary models, and propose a stealthy and adaptive adversary model, together with intrusion detection metrics that can be used to study the effectiveness of these detection algorithms in a systematic way. We focus on using real-time measurements of the physical world to build indicators of attacks. Our work is motivated by false sensor measurements or control signals (e.g., the sabotage Stuxnet created by manipulating rotation frequency of centrifuges). The question we try to address is how to detect false sensor or false control attacks in real-time.

Junia Valente and Alvaro A. Cárdenas (2015). Using Visual Challenges to Verify the Integrity of Security Cameras. In Proceedings of the Annual Computer Security Applications Conference (ACSAC'15), Los Angeles, California.

We propose a new way to verify the integrity and freshness of footage from security cameras by sending visual challenges to the area being monitored by the camera. We study the effectiveness of periodically updating plain text and QR code visual challenges, propose attack detection statistics for each of them, and study their performance under normal conditions (without attack) and against a variety of adversaries. Our implementation results show that visual challenges are an effective method to add defense-in-depth mechanisms to improve the trustworthiness of security cameras.

Junia Valente, Carlos Barreto, and Alvaro A. Cárdenas (2014). Cyber-Physical Systems Attestation. In Proceedings of the IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS'14), Marina Del Rey, California.

Cyber-Physical Systems (CPS) are monitored and controlled by a wide variety of sensors and controllers. However, it has been repeatedly demonstrated that most of the devices interacting with the physical world (sensors and controllers) are extremely fragile to security incidents. One particular technology that can help us improve the trustworthiness of these devices is software attestation. While software attestation can help a verifier check the integrity of devices, it still has several drawbacks that have limited their application in the field, like establishing an authenticated channel, the inability to provide continuous attestation, and the need to modify devices to implement the attestation procedure. To overcome these limitations, we propose CPS-attestation as an attestation technique for control systems to attest their state to an external verifier. CPS-attestation enables a verifier to continuously monitor the dynamics of the control system over time and detect whether a component is not behaving as expected or if it is driving the system to an unsafe state.

Mohammad Al-Zinati, Frederico Araujo, Dane Kuiper, Junia Valente, and Rym Wenkstern (2013). DIVAs 4.0: A Multi-Agent Based Simulation Framework. In Proceedings of the 17th IEEE/ACM International Symposium on Distributed Simulation and Real Time Applications (DS-RT'13), Delft, Netherlands.

This paper presents DIVAs 4.0, a framework for the development of large-scale agent-based simulation systems where agents are situated in open environments. DIVAs provides architectures and abstract classes for the definition of agents and open environments, a microkernel for the management of the simulation workflow, domain-specific libraries for the rapid development of simulations, and reusable, extendable components for the control and visualization of simulations. Also, this paper illustrates the use of DIVAs through the development of a simple simulator where virtual agents are situated in a virtual city. The results show that the simulator is capable of executing a very large number of agents in simulated real-time.

Frederico Araujo, Junia Valente, Mohammad Al-Zinati, Dane Kuiper, and Rym Wenkstern (2013). DIVAs 4.0: A Framework for the Development of Situated Multi-Agent Based Simulation Systems (Demonstration). In Proceedings of the 12th International Conference on Autonomous Agents and Multiagent Systems (AAMAS'13), Saint Paul, Minnesota. Best Demo Award in AAMAS'13.

This paper presents DIVAs 4.0, a framework that supports the development of large-scale agent-based simulation systems where agents are situated in open environments. DIVAs includes high-level abstractions for the definition of agents and open environments, a microkernel for the management of the simulation workflow, domain-specific libraries for the rapid development of simulations, and reusable, extendable components for the control and visualization of simulations. Also, this paper illustrates the use of DIVAs through the development of a simulator where virtual agents are situated in a virtual city and an office environment.

Junia Valente, Frederico Araujo, and Rym Wenkstern (2012). On Modeling and Verification of Agent-Based Traffic Simulation Properties in Alloy. Journal of Agent Technologies and Systems (IJATS), 4(4), 38-60.

This paper introduces MATISSE, a multi-agent based simulation platform designed to specify and execute traffic simulations for a new generation of ITS. Also, it presents a formalization of the MATISSE model in Alloy and discusses how static and dynamic properties of the model were verified using Alloy's Analyzer.

* This chapter/paper appears in International Journal of Agent Technologies and Systems (IJATS) edited by Yu Zhang and Goran Trajkovski.
Copyright 2012, IGI Global, www.igi-global.com. Posted by permission of the publisher.

Frederico Araujo, Junia Valente, and Rym Wenkstern (2012). Modeling Agent-Based Traffic Simulation Properties in Alloy. In Proceedings of the Symposium on Agent Directed Simulation (ADS'12) at SpringSim'12, Orlando, Florida. Best Paper Award in ADS'12 and Best Overall Paper Award at SpringSim'12.

The advances in Intelligent Transportation Systems (ITS) call for a new generation of traffic simulation models that support connectivity and collaboration among simulated vehicles and traffic infrastructure. This paper introduces MATISSE, a complex, large scale agent-based framework for the modeling and simulation of ITS and discuss how Alloy, a modeling language based on set theory and first order logic, was used to specify, verify, and analyze MATISSE's traffic models.

Hackathon Projects

Text4Reform, Co-Founder

Jun 2014 - Dec 2014

Text4Reform (http://Text4Reform.org) is a new immigration reform advocacy tool that enables users to send letters to their representatives in Congress via texting for free. Users simply provide their zip code to find out where their representatives stand on the issue, enter basic personal information to address the letter, and provide their personalized message that will be transformed into a physical letter. To deliver letters on the users' behalf, the tool uses the FWD.us letter service. Contributions: came up with the product idea and initial product specifications, and designed and developed Text4Reform's website.

Hackathon: Debug DC: Growthathon by FWD.us and Hackers/Founders at RackSpace, San Francisco
Awards: Innovation Award, People's Choice Award, and Best Use of Twilio API Challenge.
Prizes: 1-hour meetings with Padmasree Warrior (Cisco CTO) and Craig Newmark (craiglist/craigconnects founder)

Team: Junia Valente, Justino Mora, Roly FentanesSponsored by FWD.us

FWDnow

Nov 2013

FWDnow features influential people who support immigration reform and allows their fans and followers to "FWDnow" with them to support a reform. This tool also provides an easy way for people to contact their congressman directly via tweets or phone calls. Contributions: came up with the product idea, led team of Silicon Valley developers and designers, implemented the front-end for FWDnow's website, and pitched product idea to Mark Zuckerberg (Facebook founder & CEO), Drew Houston (Dropbox founder & CEO), Reid Hoffman (LinkedIn co-founder), Andrew Mason (Groupon co-founder), Joe Green (FWD.us founder), and Pulitzer Prize-winning journalist Jose Antonio Vargas (Define American founder).

Hackathon: FWD.us DREAMer Hackathon at LinkedIn HQ, Mountain ViewAward: Honorable Mention for Design by Mark Zuckerberg
In the news: Mashable, CNET, Buzzfeed, Univision, Huffington Post, IB Times, Latino Fox News, SF Weekly, NBC Bay Area

Team: Junia Valente, Edson Sierra, Emerson Malca (StudyRoom), Tony Kim, Alexey Komissaurouk, Nipun DaveSponsored by FWD.us

Academic Projects

Physical Challenge-Based Attestation

Jan 2015 - present

Our research introduces a new kind of attestation tailored specifically for sensing devices. We propose the novel idea of sending "physical world" challenges to attest the trustworthiness of these devices. Here, the verifier does not send the challenge directly to the prover. Instead, we modify the physical environment that the prover (i.e., sensor) is sensing and verify that the expected changes reflect in the sensor readings. We can then detect replay-attacks on sensors, and verify the integrity and freshness of sensor readings.

Award: Best Poster Award, 2nd prize, ACM Student Research Competition at GHC'15Publication: Work accepted at ACSAC'15

Research lab: UTD Cyber-Physical Systems Security Lab • Advisor: Dr. Alvaro Cárdenas

DIVAs 4

Jan 2012 - May 2013

DIVAs 4 is a development framework where autonomous agents are situated in open environments and perceive surroundings through multiple senses. Contributions: reengineered DIVAs (i.e., separation of domain-specific concerns from the framework), implemented the Visualizer's user interface using Nifty GUI for specifying environments at run-time, and designed self-organizing strategies to decentralize the framework.

Award: Best Demo Award at AAMAS'13Publication: Work accepted at AAMAS'13

Research lab: UTD Multi-Agent & Visualization Systems Lab • Group members: Fred Araujo, Junia Valente, Mohammad Zinati

MATISSE

Jun 2011 - May 2013

MATISSE is an agent-based traffic simulation system for the modeling and simulation of Intelligent Transportation Systems where vehicles are simulated as autonomous agents that obey traffic rules and perceive their surroundings through multiple senses. Contributions: specified and verified MATISSE's traffic models using Alloy (a modeling language based on set theory and first order logic), formalized static properties of the system and dynamic properties using execution traces, and implemented an initial version of MATISSE using the DIVAs 4 development framework.

Awards: Best Paper Awards in ADS'12 and SpringSim'12Publication: Work accepted at ADS'12 and IJATS'12

Research lab: UTD Multi-Agent & Visualization Systems Lab • Group members: Fred Araujo, Junia Valente, Mohammad Zinati

PDiA

Jan 2010 - May 2010

PURE Dental iPhone Application (PDiA) is a scheduling system to be used by PURE Dental's front desk staff and patients for dental appointment notifications and rescheduling capabilities that were previously done manually. Main contributions include serving as the team leader of the DevRight App Development Team, learning Objective-C to develop the front-end iPhone application, and designing and implementing the user interface to satisfy customer's requirements (i.e., user-friendly, reusable, modifiable). Other collaborations include designing textual use cases and UML diagrams, writing documentation, specification and user manual, and testing the application.

Instructor: Dr. Kang Zhang • Group members: Junia Valente, Shubhada Deshmukh, Vivek Venkiteswaran, Yu-han Tseng

Sponsored by DevRight LLC - Development of Ideas Done Right

Subsystem Health Tracking

Jan 2009 - May 2009

Subsystem Health Tracking is a software system that determines positive and negative effects on subsystem architectures used by various projects in a company. The software aggregates all project evaluations and display the results in the form of graphs that can be drilled down by the users to understand the impact of different projects on selected subsystems. Main collaborations include the design and implementation of the user interface, user management and login system, integration of different components of the system, and documentation (e.g., requirements document, analysis and design document, and test plan).

Award: Best Senior Design Project Award by Tektronix Communications

Instructor: Dr. Eric Wong • Group members: Brian Thompson, Evan Eubanks, Junia ValenteSponsored by Tektronix Communications

Honors / Awards

2017 - Found security vulnerabilities on DBPOWER U818A WIFI quadcopter drone (CVE-2017-3209). See US-CERT Note.

2016 - Selected to serve on the IEEE Symposium on Security and Privacy (IEEE S&P'17) Student Program Committee
         - Recipient of a Google Internet of Things (IoT) Technology Research Award
         - Found security vulnerabilities on Swann NVW-470 Surveillance Camera System (CVE-2015-8287). See US-CERT Note.
         - Women in CyberSecurity Conference (WiCyS'16, WiCyS'17) scholarship (supported by UT Dallas / NSF)

2015 - Annual Computer Security Applications Conference (ACSAC'15) Conferenceship Award (sponsored by ACSA)
         - Best Poster Award, 2nd prize, ACM Student Research Competition at GHC'15 (sponsored by Microsoft Research)
         - IEEE Symposium on Security and Privacy (IEEE S&P'15) travel grant
         - GREPSEC II Workshop travel grant (supported by NSF and CRA-W)

2014 - UT Dallas Scholarship to attend Grace Hopper Celebration of Women in Computing (GHC'14, GHC'15, GHC'16)
         - FWD.us Debug DC Growthathon winner (sponsored by FWD.us and Hackers/Founders)
         - Computer Research Association travel fund to attend CRA-W Graduate Workshop (2014 & 2015)

2013 - Honorable mention at DREAMer Hackathon at LinkedIn HQ (sponsored by FWD.us)
         - Microsoft Scholarship to attend Grace Hopper Celebration of Women in Computing (GHC'13)
         - Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Summer School Scholarship
         - Best Demo Award, AAMAS'13

2012 - Best Paper Award, Agent-Directed Simulation (ADS'12) Symposium
         - Best Overall Conference Paper Award, SpringSim'12

2009 - Degree Honors, Department of Computer Science at The University of Texas at Dallas
         - Information Assurance Certificate, UT Dallas CyberSecurity & Emergency Preparedness Institute
         - Best Senior Design Project Award by Tektronix Communications

2006 - Dean's List, The University of Texas at Dallas (2006 & 2007)
         - Academic Distinction Scholarship / AES Valedictorian Scholarship, The University of Texas at Dallas (2006 - 2009)

2005 - The State of Texas Valedictorian Scholarship (2005 - 2006)
         - Valedictorian, Summa Cum Laude Diploma at The Jack E. Singley Academy, Irving, Texas

2003 - Drum Major for MacArthur Marching Band, Irving, Texas (2003 - 2005) [video] [video]
         - Texas Aerospace Scholar to participate in a yearlong program by NASA Johnson Space Center

2002 - Recipient of a Celebration of Educational Excellence medallion & congratulatory letter from Texas Governor Rick Perry